CVE-2022-1672

CVE-2022-1672: Insights from Google PageSpeed < 4.0.7 - Multiple CSRF

Vendor Unknown

Product Insights from Google PageSpeed

Weakness CWE-352 · CSRF

Published July 17, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

Key dates

02Disclosure timeline

July 17, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1672 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2024-51641 WordPress Advanced PDF Generator plugin <= 0.4.0 - CSRF to Stored XSS vulnerability CVE-2025-30535 WordPress External image replace plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability CVE-2026-24596 WordPress Related Posts Thumbnails plugin for WordPress plugin <= 4.3.2 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-43316 WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-13139 SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation